[rt-users] 403 returned by rt-mailgate / mail-gateway

Dominic Hargreaves dominic.hargreaves at oucs.ox.ac.uk
Wed Apr 29 07:53:06 EDT 2009


On Wed, Apr 29, 2009 at 10:50:29AM +0100, Dan Swan wrote:

> However all attempts to send mail result in (from Postfix mail.log):
> 
> Apr 29 09:48:09 bsu postfix/local[21497]: 1F6C4A0010:
> to=<support at bsu.ncl.ac.uk>, relay=local, delay=8924,
> delays=8923/0.04/0/0.9, dsn=4.3.0, status=deferred (temporary failure.
> Command output: An Error Occurred =================  403 Forbidden )
> 
> In the Apache2 logs we get:
> 
> [Wed Apr 29 10:01:40 2009] [error] [client 128.240.125.96] client
> denied by server configuration:
> /usr/share/request-tracker3.6/html/REST/1.0/NoAuth/mail-gateway
> 
> There's a suggestion in the FAQ that adding this to to the Apache2
> configs (sites-enabled/000-default in my case) might alleviate the
> problem inside the VirtualHost directive.
> 
> <Directory "/usr/share/request-tracker3.6/html/">
>     Order allow,deny
>     Allow from all
> </Directory>
> 
> (It doesn't)
> 
> The only other directive relating to RT in this file is:
> 
> Include "/etc/request-tracker3.6/apache2-modperl2.conf"

If you look further down that file you'll find:

# Limit mail gateway access to localhost by default
<Location /rt/REST/1.0/NoAuth>
    Order Allow,Deny
    Allow from 127.0.0.1
</Location>

As you've configured http://bsu.ncl.ac.uk/rt as the path to your 
installation on the mailgate command line, your requests won't be
coming from localhost (127.0.0.1). The least invasive fix is probably
adding:

Allow from 128.240.125.96

or 

Allow from bsu.ncl.ac.uk

to that stanza in /etc/request-tracker3.6/apache2-modperl2.conf

-- 
Dominic Hargreaves, Systems Development and Support Team
Computing Services, University of Oxford



More information about the rt-users mailing list